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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)D Responsive to communication(s) filed on 4/6/2004 . 
2a)Q This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) D Claim(s) is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) D Claim(s) is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on 17 December 2001 is/are: a)l3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) ^ Notice of References Cited (PTO-892) 4) D Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1 449 or PTO/SB/08) 5) □ Notice of Informal Patent Application (PTO-1 52) 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 
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DETAILED ACTION 
CLAIMS PRESENTED 
Claims 1-30 are presented. 

Claims 1, 8, 13. 17, 22. 26 are the independent claims. The other claims are 
dependent claims. 

PERTINENT ART REGARDING CLAIMS 

The art made of record and not relied upon is considered pertinent to applicant's 
disclosure. The art disclosed general background. 

Regarding art cited by Applicant, one notes that Paper # 3, Paper # 4, Paper # 
5, Paper # 6, Paper # 7, Paper # 8, Paper # 9, Paper # 1 0, Paper #11, Paper # 1 2, 
Paper # 13, Paper # 14, Paper # 15, Paper # 16 of file history are information disclosure 
statements. Due to the sheer numerosity (number of IDS's), complexity, and length 
(number of documents and number of pages) of prior art, Applicant is notified that the 
Applicant may make some comments (regarding the prior art that may be helpful to 
examination of this case) before the PTO takes official action (such as "signing off' the 
PTOL-1449's). 

The following is art that is cited by PTO but not yet relied upon. 
http://www.rsasecuritv.com/node.asp?id=1313 provides a discussion on software 
tokens. This is pertinent to the virtual tokens of the claims. 
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http://www.rsasecuritv.com/node.asp?id=1 1 58 provides a discussion on 
hardware tokens. This is pertinent to the virtual tokens of the claims. 

http://www.rsasecuritv.com/products/securid/datasheets/SID PS 01 03.pdf 
provides a discussion on SecurlD in general. As SecurlD is a well known example of 
the TPM (trusted platform module) mentioned at page 1 of the specification of this 
patent application, this link is considered pertinent. TPCA (which includes Microsoft, 
HP/Compaq, and Intel -- the assignee listed in the cover page of the specification of this 
patent application -) gives a specification of this TPM. 
"Mobile Security Review", HP, 2002, as posted on 

www.hp.be/eqov/doc/mobile/mobile overview.pdf , gives a discussion on why TPM is 
specially relevant to mobile computing. 

In addition, Applicant has cited copious amount of prior art. Due to the amount of prior 
art, Applicant's discussion on cited prior art (if Applicant chooses to discuss the prior art 
in the future) regarding relevancy of the cited prior art would be helpful. 

CLAIM REJECTIONS 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having 
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ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 



Claims 1-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over admitted 
prior art (such as noted in the specification of this patent application, hereinafter also 
referred as "APA") and Gong et al. (cited by Applicant, Proceedings of the USENIX 
Symposium on Internet Technologies and Systems, Going Beyond the Sandbox: An 
Overview of the New Security Architecture in the Java Development Kit 1 .2, hereinafter 
also referred as "Gong"). 

Claims 1 , 8, 13. 17, 22. 26 are the independent claims. The other claims are dependent 
claims. 

Regarding claim 1 , APA teaches "A method comprising 

receiving a certification message generated by a physical token of a computing 
device that attests to a public key associated with a virtual token of the computing 

device and the physical token (page 1 , which mentions TPM as admitted prior 
art, i.e. physical tokens, virtual tokens, and permitting use of public key, etc.)." 

These passages of APA do not teach "requesting an entity to issue a credential 
for the public key associated with the virtual token based upon the certification 
message." 

Gong teaches "requesting an entity to issue a credential for the public key 
associated with the virtual token based upon the certification message (Section 2.1, 
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Security Policy --the third paragraph which discusses the public key that correspond to 
the signature, the fourth paragraph which discusses the class java.security.Codesource 
which involves trying to match URL and signature)" for the motivation of "security 
(Section 2. 1 , Security Policy)." 

Hence, it would have been obvious to those of ordinary skill in the art at the time 
of the claimed invention to combine APA with Gong for the motivation noted in the 
previous paragraphs so as to teach the claimed invention. 

Regarding claims 2 (hash, etc.), 3 (sending to entity, etc.), 4 (metric quotes, etc.), 
these features are well known in the art for the motivation of security. Regarding claims 
5,6,7 (various encryption features), these features are well known in the art for the 
motivation of security. 

Regarding claim 8, APA teaches "A physical token for a computing device, 
comprising 

a register to record an integrity metric that measures a virtual token of the 
computing device (page 1 , which mentions TPM as admitted prior art, i.e. physical 
tokens, virtual tokens, and permitting use of public key, etc.)." 

These passages of APA do not teach "one or more processing units to generate 
a random number and a certification message that specifies the register, that is 
encrypted by a key of an entity, and that has uniqueness based upon the random 
number." 

Gong teaches "one or more processing units to generate a random number and 
a certification message that specifies the register, that is encrypted by a key of an entity, 
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and that has uniqueness based upon the random number (Section 2.1, Security Policy - 
-the third paragraph which discusses the public key that correspond to the signature, 
the fourth paragraph which discusses the class java.security.Codesource which 
involves trying to match URL and signature)" for the motivation of "security (Section 2.1, 
Security Policy)." 

Hence, it would have been obvious to those of ordinary skill in the art at the time 
of the claimed invention to combine APA with Gong for the motivation noted in the 
previous paragraphs so as to teach the claimed invention. 

Regarding claims 9, 10, 1 1, 12, these various encryption features are well known 
in the art for the motivation of security. 

Regarding claim 13 (asymmetric key, etc.), claim 17 (virtual machine monitor, 
etc.), claim 22 (criteria for virtual token, etc.), these special features are suggested from 
the prior art (such as Gong). For example, the virtual machine handling (given an 
example at claim 17 - and also illustrated at Figure 3 of the specification of this 
application) is always part of Java (which is the main topic of discussion in Gong). 

Regarding claims 14, 15, 16, 18, 19, 20, 21, 23-25, these various encryption 
features are well known in the art for the motivation of security. 

Regarding claim 26, APA teaches "A machine readable medium comprising 
instructions, which in response to being executed, result in a computing device 
generating a certification message that attests to a physical token and an operating 
environment of a computing device; and 
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(page 1 , which mentions TPM as admitted prior art, i.e. physical tokens, virtual tokens, 
and permitting use of public key, etc.)." 

These passages of APA do not teach "requesting that an entity issue a credential 
to a virtual token of the computing device based upon the certification message." 

Gong teaches "requesting that an entity issue a credential to a virtual token of the 
computing 

device based upon the certification message (Section 2.1, Security Policy —the third 
paragraph which discusses the public key that correspond to the signature, the fourth 
paragraph which discusses the class java. security. Codesource which involves trying to 
match URL and signature)" for the motivation of "security (Section 2.1, Security Policy)." 

Hence, it would have been obvious to those of ordinary skill in the art at the time 
of the claimed invention to combine APA with Gong for the motivation noted in the 
previous paragraphs so as to teach the claimed invention. 

Regarding claims 27, 28, 29, 30, these various encryption features are well 
known in the art for the motivation of security. 

Conclusion 
Points of Contact 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany 
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the issue fee. Such submissions should be clearly labeled "Comments on Statement of 
Reasons for Allowance." 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington, D.C. 20231 

or faxed to: 

(703) 746-7239, (for formal communications intended for entry) 
Or: 

(703) 746-5606 (for informal or draft communications, please label "PROPOSED" or 
"DRAFT") 

Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal Drive, 
Arlington. VA., Sixth Floor (Receptionist). 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David Jung whose telephone number is (703) 308-5262 
or Greg Morse whose telephone number is (703) 308-4789. 



David Jung 



Patent Examiner 




6/1/04 



